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DETAILED ACTION 



1 . This office action is in response to applicant's response filed on 01/28/2008. 

2. Claims 1-35 and 37-48 are pending. 

3. Claim 36 is cancelled. 

4. Claims 1,6,17, 22, 33 and 44 are amended. 

5. Examiner withdraws rejection of claims 6 and 33 under 35 U.S.C 1 01 due to 
correction by the applicant. 

6. Applicant's arguments have been fully considered but they are not persuasive. 

7. When responding to the Office action, Applicant is advised to clearly point out the 
patentable novelty the claims present in view of the state of the art disclosed by the 
reference(s) cited or the objection made. A showing of how the amendments avoid such 
references or objections must also be present. See 37 C.F.R. 1.111 (c). 



Response to Arguments 



1 . Applicant, on pages 1 7-18, of the remarks, argues "in the method of claims 1,17, 
33 and 44, Gong does not teach receiving a manifest defining a plurality of code 
assemblies that are members of at least one application, wherein the manifest defines 
at least one trusted application and application evidence for making a trusted decision." 

Examiner respectfully disagrees and asserts that Gong discloses that code from 
code stream 220 is object oriented software. Consequently, the code is in the form of 
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methods associated with objects that belong to classes. In response to instructions 
embodied by code executed by code executor 210, code executor 210 creates one or 
more objects 240. An object is a record of data combined with the procedures and 
functions that manipulate the record. All objects belong to a class. Each object 
belonging to a class has the same fields ("attributes") and the same methods. The 
methods are the procedures, functions, or routines used to manipulate the object. An 
object is said to be an "instance" of the class to which the object belongs, [see, for 
example, 7:20-33 and figs. 2A-2B; class corresponding to manifest]. Class definitions 
are generated from source code written by a programmer. For example, a programmer 
using a Java Development Kit enters source code that conforms to the Java 
programming language into a source file. The source code embodies class definitions 
and other instructions which are used to generate byte code which controls the 
execution of a code executor (i.e. a Java virtual machine). Techniques for defining 
classes and generating code executed by a code executor, such as a Java virtual 
machine, are well known to those skilled in the art. Each class defined by a class 
definition from code stream 220 is associated with a class name 238 ("identifier") and a 
code source 236. The class definition contains information used to specify the class 
name associated with a class. The code source represents a source of code from which 
is code received, such as a particular set of one or more files or code stream from a 
trusted source or untrusted source. Code executor 210 maintains an association 
between a class and its class name and code source. The code source may be a 
composite record containing a uniform resource locator ("URL") 234 and set of public 
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cryptographic keys 236. A URL identifies a particular source. The URL is a string used 
to uniquely identify any server connected to the world wide web. A URL may also be 
used to designate sources local to computer system 100. Typically, the URL includes 
the designation of the file and directory of the file that is the source of the code stream 
that a server is providing. A public cryptographic key, herein referred to as a key, is 
used to validate the digital signature which may be included in a file used to transport 
related code and data. Public cryptographic keys and digital signatures are described in 
Schneier, Applied Cryptography, (1996). The keys may be contained in the file, may be 
contained in a database associating keys with sources (e.g. URLs), or be accessible 
using other possible alternative techniques. A class may be associated with the digital 
signature associated with the file used to transport code defining the class, or the class 
definition of the class may be specifically associated with a digital signature. A class that 
is associated with a valid digital signature is referred to as being signed. Valid digital 
signatures are digital signatures that can be verified by known keys stored in a 
database. If a class is associated with a digital signature which can not be verified, or 
the class is not associated with any digital signature, the class is referred to as being 
unsigned. Unsigned classes may be associated with a default key. A key may be 
associated with a name, which may be used to look up the key in the database. While 
one code source format has been described as including data indicating a cryptographic 
key and URL, alternate formats are possible. Other information indicating the source of 
the code, or combinations thereof, may be used to represent code sources. Therefore, it 
is understood that the present invention, is not limited to any particular format for a code 
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source [7:34-8:59; 12:15-33 and figs. 2A- 4; Public cryptographic keys and digital 
signatures corresponding to application evidence]. 

2. Applicant, on pages 1 8-1 9, of the remarks, argues "in the method of claims 6, 22, 
33 and 44, Gong does not teach generating a permission grant set ... if application 
evidence for the at least one application satisfies at least one condition specified in a 
security policy specification for trusting the application, wherein the security policy 
specification defines multiple policy levels." 

Examiner respectfully disagrees and asserts that Gong discloses that The 
<URL> and a key corresponding to the <key name> represent a code source; the 
<action> and <target> represent a permission. A key is associated with a key name. 
The key and the corresponding key name are stored together in a key database. The 
key name can be used to find the key in the key database. Instruction 420-1 in FIG. 4, 
for example, is therefore an authorization of a permission to write to any file in 7tmp/" by 
any object of the classes associated with code source "file://bank"-"clerk" (i.e. URL- 
key). Access controller 280 is mechanism used to determine whether a particular action 
is authorized. Whenever the need to determine whether a particular action is authorized 
arises, a request to determine whether a particular action is authorized is transmitted to 
access controller 280. The access controller then determines whether the action is 
authorized based on the set of permissions contained by protection domains associated 
with the requestor of the action [12:15-33 and fig. 4]. 
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3. Examiner, however, in light of the above submission maintains the previous 
rejections while considering the amendments to the claims as follows: 

Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1, 2, 4-11, 13-18, 20-27, 29-33, 35-39, 41-48 are rejected under 35 
U.S.C. 102(e) as being anticipated by Gong, US Patent No. 6,044,467 (hereinafter 
Gong). 

Referring to claims 1,2,6, 7, 17, 22-23, 33 and 44, Gong teaches a computer 
program product, a system, a computer-readable medium and a method comprising: 

receiving a manifest defining a plurality of code assemblies that are members of 
at least one application, wherein the manifest defines at least one trusted application 
and application evidence for making a trusted decision [6:31-36; 7:20-8:59 and figs. 
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2A-2B; Public cryptographic keys and digital signatures corresponding to application 
evidence and class is corresponding to a manifest]; 

evaluating the application evidence to determine if the at least on application is 
trusted [3:27-29; 6:39-43; 7:20-8:59]; and 

generating a permission grant set for each code assembly that is a member of 
the at least one application if the application evidence satisfies at least one condition for 
trusting the at least one application [6:45-50]; and 

passing the permission grant to a run-time call stack [12:16-33; 14:66-67 and 
fig.2B]. 

Referring to claims 4, 5, 15, 16, 20, 21, 31, 32 and 35, Gong teaches a computer 
program product, a system, a computer-readable medium and a method further 
comprising evaluating application evidence at an application level/group level and a 
code assembly level before trusting the at least one application [column 11, lines 12- 
16, sources are corresponding to code assembly level]. 

Referring to claims 8, 24, 37 Gong teaches a computer program product, a system, 
a computer-readable medium and a method further comprising determining if the 
code assembly is a member of the at least one application [column 7, lines 20-25]. 
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Referring to claims 9 and 25, Gong teaches a computer program product, a 
system, a computer-readable medium and a method further comprising receiving a 
manifest defining members of the at least one application [column 6, lines 31-36]. 

Referring to claims 10, 26 and 38, Gong teaches a computer program product, a 
system, a computer-readable medium and a method, wherein satisfying at least one 
trust condition is based at least in part on evidence provided with the at least one 
application [column 6, lines 35-43]. 

Referring to claims 1 1 , 27 and 39, Gong teaches a computer program product, a 
system, a computer-readable medium and a method, wherein satisfying at least one 
trust condition is based at least in part on evidence external to the at least one 
application [column 10, lines 5-11]. 

Referring to claims 13, 29 and 41 , Gong teaches a computer program product, a 
system, a computer-readable medium and a method, wherein satisfying at least one 
trust condition is based on evidence from user interaction [column 10, lines 31-39]. 

Referring to claims 14, 30 and 42, Gong teaches a computer program product, a 
system, a computer-readable medium and a method, wherein satisfying at least one 
trust condition is based on evidence from evaluation of previous trust decisions 
[column 3, lines 16-21]. 
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Referring to claim 43, Gong teaches a computer program product, a system, a 
computer-readable medium and a method further comprising a security policy 
specification defining the condition [column 11, line 58 -column 12, line 5-11 and fig. 
2B]. 

Referring to claim 45, Gong teaches a computer program product, a system, a 
computer-readable medium and a method, wherein the first data field defines a group of 
applications [column 7, lines 53-58]. 

Referring to claims 46 and 47, Gong teaches a computer program product, a 
system, a computer-readable medium and a method further comprising a third data field 
identifying a location of one of the members of the at least one application [column 6, 
lines 52-61]. 

Referring to claim 48, Gong teaches a computer program product, a system, a 
computer-readable medium and a method further comprising a third data field 
requesting different levels of trust for different members of the at least one application 
[column 19, lines 1-7]. 
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Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of 
this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter 
as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 3, 12, 19, 28, 34 and 40 are rejected under 35 U.S.C. 103(a) as being 
obvious over Gong Patent No. 6,044,467 in view of Lao et al. Pub. No. US 
2003/0220880 A1 . 

Referring to claims 3, 12, 19, 28, 34 and 40, Gong teaches a method of 
receiving a manifest defining a plurality of code assemblies that are members of at least 
one application [column 6, lines 31-36] and evaluating application evidence for the at 
least one application [column 6, lines 39-43] (see claim 1 above). Gong further 
teaches generating a permission grant set for each code assembly [column 6, lines 
45-50]. Gong does not appear to explicitly teach a method wherein evaluating 
application evidence is based at least in part on an XrML license. However, Lao teaches 
a method such that access is granted based on a license, such as an XrML license, and 
the like, can be presented [paragraph 0166]. Gong and Lao are analogous art because 
both teach application security. 
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At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to modify the method of Gong to include a method such that access is granted 
based on a license, such as an XrML license of Lao because XrML license controls and 
specifies a manner of use of consumption of a distributed network service. 

Conclusion 

1 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to YONAS BAYOU whose telephone number is (571)272- 
7610. The examiner can normally be reached on m-f,7:30-5:00. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571-272-381 1 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Yonas Bayou/ 
Examiner, Art Unit 2134 
05/20/2008 

/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2134 



